Microsoft Services can help you identify and prioritize the appropriate Microsoft SDL practices and tools to use during your organization's software development process. Our worldwide team of technical architects, engineers, consultants, and support professionals will partner with you across the following areas—implementing SDL practices and tools; conducting risk analysis; defining functional requirements, implementations, and technical verifications; planning response and execution; and developing security tools.
 
Microsoft Security Risk Detection is an AI-driven Dynamic Application Security Testing service, powered by the same state-of-the-art technology and practices that Microsoft uses to scan its own applications and websites. MSRD allows customers to easily perform web vulnerability scans on their websites and web APIs using over 90 attack modules that identify vulnerabilities from the OWASP Top 10 list and more. MSRD also provides AI-powered fuzzing modules to fuzz Windows and Linux based applications, and is completely development language agnostic. Contact msrd@microsoft.com for a free trial.

  • Threat Modeling for Security Risk

    Threat Modeling for Security Risk (TMSR) is a fixed-week engagement (10 days by default) that helps the customer to identify and analyze the major threats in their in-scope AI systems and IT environment, and to select the most appropriate mitigations. During this two-week engagement, Microsoft security consultants will help you build a threat model based on systems and components in scope, identify threats and mitigations, and produce clear actions to mitigate the threats.

  • Security Development Lifecycle and Web Application Security

    Participants will learn essential activities and practices to design and develop highly secure software and test for security. They will also understand top security vulnerabilities and how to protect against them. With the knowledge and awareness gained in this course, the participants should develop and deliver highly secure software by introducing the Security Development Lifecycle into their processes, understanding the nature of security vulnerabilities, and helping to create a security-conscious organization.

  • Secure DevOps: Security Development Lifecycle, Web Application Security and Threat Modeling

    Security DevOps: Security Development Lifecycle, Web Application Security and Threat Modeling is a two-day or three-day workshop that focuses on concepts, methodologies, and workflows that have been proven to yield more secure code. This workshop takes a hands-on approach to implementing highly secure design, verification, and implementation techniques to produce more secure software. In this class, participants will learn how to:
    • Move application security closer to the developer (Shift left) by integrating security practices as part of the development process. 
    • Develop more secure software and effectively test for security using best practices. 
    • Understand Security DevOps principles and how they help you integrate security into your DevOps workflow. 
    • Learn about the OWASP Top 10 security risks and how to mitigate them. 

Getting started

Contact your Microsoft Enterprise Services Executive to learn more. You can find more services provided by Microsoft Services here.